lkft/linux-next-master - next-20250710 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

July 10, 2025, 9:07 a.m.

Environment
qemu-arm64
qemu-x86_64

[   29.373149] ==================================================================
[   29.373206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.373262] Write of size 1 at addr fff00000c83c9ac9 by task kunit_try_catch/189
[   29.373352] 
[   29.373395] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.373485] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.373608] Hardware name: linux,dummy-virt (DT)
[   29.373751] Call trace:
[   29.373833]  show_stack+0x20/0x38 (C)
[   29.373880]  dump_stack_lvl+0x8c/0xd0
[   29.373929]  print_report+0x118/0x5d0
[   29.374145]  kasan_report+0xdc/0x128
[   29.374191]  __asan_report_store1_noabort+0x20/0x30
[   29.374245]  krealloc_less_oob_helper+0xa48/0xc50
[   29.374471]  krealloc_less_oob+0x20/0x38
[   29.374638]  kunit_try_run_case+0x170/0x3f0
[   29.374685]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.374747]  kthread+0x328/0x630
[   29.374788]  ret_from_fork+0x10/0x20
[   29.374834] 
[   29.374852] Allocated by task 189:
[   29.374878]  kasan_save_stack+0x3c/0x68
[   29.374928]  kasan_save_track+0x20/0x40
[   29.374966]  kasan_save_alloc_info+0x40/0x58
[   29.375014]  __kasan_krealloc+0x118/0x178
[   29.375053]  krealloc_noprof+0x128/0x360
[   29.375089]  krealloc_less_oob_helper+0x168/0xc50
[   29.375139]  krealloc_less_oob+0x20/0x38
[   29.375175]  kunit_try_run_case+0x170/0x3f0
[   29.375281]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.375424]  kthread+0x328/0x630
[   29.375455]  ret_from_fork+0x10/0x20
[   29.375490] 
[   29.375514] The buggy address belongs to the object at fff00000c83c9a00
[   29.375514]  which belongs to the cache kmalloc-256 of size 256
[   29.375572] The buggy address is located 0 bytes to the right of
[   29.375572]  allocated 201-byte region [fff00000c83c9a00, fff00000c83c9ac9)
[   29.375637] 
[   29.375656] The buggy address belongs to the physical page:
[   29.375687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083c8
[   29.375750] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.375807] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.375857] page_type: f5(slab)
[   29.375894] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.375955] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.376078] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.376195] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.376365] head: 0bfffe0000000001 ffffc1ffc320f201 00000000ffffffff 00000000ffffffff
[   29.376487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.376607] page dumped because: kasan: bad access detected
[   29.376677] 
[   29.376788] Memory state around the buggy address:
[   29.376818]  fff00000c83c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.376874]  fff00000c83c9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.376915] >fff00000c83c9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.376952]                                               ^
[   29.376987]  fff00000c83c9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.377041]  fff00000c83c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.377079] ==================================================================
[   29.379314] ==================================================================
[   29.379419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.379584] Write of size 1 at addr fff00000c83c9ad0 by task kunit_try_catch/189
[   29.379698] 
[   29.379767] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.379851] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.379877] Hardware name: linux,dummy-virt (DT)
[   29.379917] Call trace:
[   29.379938]  show_stack+0x20/0x38 (C)
[   29.379997]  dump_stack_lvl+0x8c/0xd0
[   29.380041]  print_report+0x118/0x5d0
[   29.380083]  kasan_report+0xdc/0x128
[   29.380126]  __asan_report_store1_noabort+0x20/0x30
[   29.380182]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.380275]  krealloc_less_oob+0x20/0x38
[   29.380484]  kunit_try_run_case+0x170/0x3f0
[   29.380725]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.380871]  kthread+0x328/0x630
[   29.380999]  ret_from_fork+0x10/0x20
[   29.381148] 
[   29.381167] Allocated by task 189:
[   29.381193]  kasan_save_stack+0x3c/0x68
[   29.381233]  kasan_save_track+0x20/0x40
[   29.381282]  kasan_save_alloc_info+0x40/0x58
[   29.381318]  __kasan_krealloc+0x118/0x178
[   29.381381]  krealloc_noprof+0x128/0x360
[   29.381420]  krealloc_less_oob_helper+0x168/0xc50
[   29.381517]  krealloc_less_oob+0x20/0x38
[   29.381608]  kunit_try_run_case+0x170/0x3f0
[   29.381681]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.381800]  kthread+0x328/0x630
[   29.381856]  ret_from_fork+0x10/0x20
[   29.381924] 
[   29.381942] The buggy address belongs to the object at fff00000c83c9a00
[   29.381942]  which belongs to the cache kmalloc-256 of size 256
[   29.382011] The buggy address is located 7 bytes to the right of
[   29.382011]  allocated 201-byte region [fff00000c83c9a00, fff00000c83c9ac9)
[   29.382077] 
[   29.382096] The buggy address belongs to the physical page:
[   29.382141] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083c8
[   29.382203] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.382306] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.382464] page_type: f5(slab)
[   29.382513] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.382575] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.382624] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.382672] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.382730] head: 0bfffe0000000001 ffffc1ffc320f201 00000000ffffffff 00000000ffffffff
[   29.382779] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.382818] page dumped because: kasan: bad access detected
[   29.382858] 
[   29.382875] Memory state around the buggy address:
[   29.382911]  fff00000c83c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.383082]  fff00000c83c9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.383199] >fff00000c83c9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.383238]                                                  ^
[   29.383274]  fff00000c83c9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.383316]  fff00000c83c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.383428] ==================================================================
[   29.426795] ==================================================================
[   29.426837] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.426892] Write of size 1 at addr fff00000c9a560eb by task kunit_try_catch/193
[   29.426942] 
[   29.426969] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.427050] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.427075] Hardware name: linux,dummy-virt (DT)
[   29.427105] Call trace:
[   29.427125]  show_stack+0x20/0x38 (C)
[   29.427182]  dump_stack_lvl+0x8c/0xd0
[   29.427303]  print_report+0x118/0x5d0
[   29.427400]  kasan_report+0xdc/0x128
[   29.427554]  __asan_report_store1_noabort+0x20/0x30
[   29.427711]  krealloc_less_oob_helper+0xa58/0xc50
[   29.427761]  krealloc_large_less_oob+0x20/0x38
[   29.427809]  kunit_try_run_case+0x170/0x3f0
[   29.427855]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.427909]  kthread+0x328/0x630
[   29.427948]  ret_from_fork+0x10/0x20
[   29.427994] 
[   29.428012] The buggy address belongs to the physical page:
[   29.428051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.428135] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.428224] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.428272] page_type: f8(unknown)
[   29.428331] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.428391] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.428512] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.428567] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.428701] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.428820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.428859] page dumped because: kasan: bad access detected
[   29.428889] 
[   29.428906] Memory state around the buggy address:
[   29.428967]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.429020]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.429062] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.429100]                                                           ^
[   29.429208]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.429319]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.429357] ==================================================================
[   29.384366] ==================================================================
[   29.384413] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.384459] Write of size 1 at addr fff00000c83c9ada by task kunit_try_catch/189
[   29.384508] 
[   29.384537] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.384620] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.384656] Hardware name: linux,dummy-virt (DT)
[   29.384798] Call trace:
[   29.384892]  show_stack+0x20/0x38 (C)
[   29.385105]  dump_stack_lvl+0x8c/0xd0
[   29.385227]  print_report+0x118/0x5d0
[   29.385349]  kasan_report+0xdc/0x128
[   29.385542]  __asan_report_store1_noabort+0x20/0x30
[   29.385591]  krealloc_less_oob_helper+0xa80/0xc50
[   29.385639]  krealloc_less_oob+0x20/0x38
[   29.385684]  kunit_try_run_case+0x170/0x3f0
[   29.385731]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.385784]  kthread+0x328/0x630
[   29.385831]  ret_from_fork+0x10/0x20
[   29.386038] 
[   29.386112] Allocated by task 189:
[   29.386148]  kasan_save_stack+0x3c/0x68
[   29.386188]  kasan_save_track+0x20/0x40
[   29.386225]  kasan_save_alloc_info+0x40/0x58
[   29.386261]  __kasan_krealloc+0x118/0x178
[   29.386298]  krealloc_noprof+0x128/0x360
[   29.386335]  krealloc_less_oob_helper+0x168/0xc50
[   29.386374]  krealloc_less_oob+0x20/0x38
[   29.386410]  kunit_try_run_case+0x170/0x3f0
[   29.386447]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.386490]  kthread+0x328/0x630
[   29.386521]  ret_from_fork+0x10/0x20
[   29.386555] 
[   29.386572] The buggy address belongs to the object at fff00000c83c9a00
[   29.386572]  which belongs to the cache kmalloc-256 of size 256
[   29.386629] The buggy address is located 17 bytes to the right of
[   29.386629]  allocated 201-byte region [fff00000c83c9a00, fff00000c83c9ac9)
[   29.386694] 
[   29.386712] The buggy address belongs to the physical page:
[   29.386742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083c8
[   29.386792] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.386852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.386902] page_type: f5(slab)
[   29.386950] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.386999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.387049] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.387105] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.387168] head: 0bfffe0000000001 ffffc1ffc320f201 00000000ffffffff 00000000ffffffff
[   29.387216] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.387256] page dumped because: kasan: bad access detected
[   29.387286] 
[   29.387312] Memory state around the buggy address:
[   29.387342]  fff00000c83c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.387384]  fff00000c83c9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.387441] >fff00000c83c9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.387479]                                                     ^
[   29.387520]  fff00000c83c9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.387562]  fff00000c83c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.387601] ==================================================================
[   29.392534] ==================================================================
[   29.392948] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   29.392998] Write of size 1 at addr fff00000c83c9aeb by task kunit_try_catch/189
[   29.393046] 
[   29.393075] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.393168] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.393203] Hardware name: linux,dummy-virt (DT)
[   29.393234] Call trace:
[   29.393254]  show_stack+0x20/0x38 (C)
[   29.393304]  dump_stack_lvl+0x8c/0xd0
[   29.393349]  print_report+0x118/0x5d0
[   29.393393]  kasan_report+0xdc/0x128
[   29.393457]  __asan_report_store1_noabort+0x20/0x30
[   29.393617]  krealloc_less_oob_helper+0xa58/0xc50
[   29.393741]  krealloc_less_oob+0x20/0x38
[   29.393829]  kunit_try_run_case+0x170/0x3f0
[   29.393877]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.393939]  kthread+0x328/0x630
[   29.393979]  ret_from_fork+0x10/0x20
[   29.394036] 
[   29.394053] Allocated by task 189:
[   29.394080]  kasan_save_stack+0x3c/0x68
[   29.394159]  kasan_save_track+0x20/0x40
[   29.394309]  kasan_save_alloc_info+0x40/0x58
[   29.394404]  __kasan_krealloc+0x118/0x178
[   29.394497]  krealloc_noprof+0x128/0x360
[   29.394545]  krealloc_less_oob_helper+0x168/0xc50
[   29.394631]  krealloc_less_oob+0x20/0x38
[   29.394899]  kunit_try_run_case+0x170/0x3f0
[   29.394960]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.395044]  kthread+0x328/0x630
[   29.395182]  ret_from_fork+0x10/0x20
[   29.395252] 
[   29.395270] The buggy address belongs to the object at fff00000c83c9a00
[   29.395270]  which belongs to the cache kmalloc-256 of size 256
[   29.395329] The buggy address is located 34 bytes to the right of
[   29.395329]  allocated 201-byte region [fff00000c83c9a00, fff00000c83c9ac9)
[   29.395396] 
[   29.395415] The buggy address belongs to the physical page:
[   29.395446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083c8
[   29.395497] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.395549] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.395626] page_type: f5(slab)
[   29.395661] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.395741] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.395791] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.395872] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.395984] head: 0bfffe0000000001 ffffc1ffc320f201 00000000ffffffff 00000000ffffffff
[   29.396081] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.396122] page dumped because: kasan: bad access detected
[   29.396163] 
[   29.396214] Memory state around the buggy address:
[   29.396243]  fff00000c83c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.396287]  fff00000c83c9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.396330] >fff00000c83c9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.396378]                                                           ^
[   29.396427]  fff00000c83c9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.396537]  fff00000c83c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.396727] ==================================================================
[   29.417014] ==================================================================
[   29.417058] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   29.417103] Write of size 1 at addr fff00000c9a560d0 by task kunit_try_catch/193
[   29.417165] 
[   29.417201] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.417426] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.417561] Hardware name: linux,dummy-virt (DT)
[   29.417592] Call trace:
[   29.417619]  show_stack+0x20/0x38 (C)
[   29.417819]  dump_stack_lvl+0x8c/0xd0
[   29.417863]  print_report+0x118/0x5d0
[   29.417905]  kasan_report+0xdc/0x128
[   29.417946]  __asan_report_store1_noabort+0x20/0x30
[   29.418000]  krealloc_less_oob_helper+0xb9c/0xc50
[   29.418158]  krealloc_large_less_oob+0x20/0x38
[   29.418205]  kunit_try_run_case+0x170/0x3f0
[   29.418252]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.418304]  kthread+0x328/0x630
[   29.418344]  ret_from_fork+0x10/0x20
[   29.418399] 
[   29.418418] The buggy address belongs to the physical page:
[   29.418448] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.418512] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.418557] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.418606] page_type: f8(unknown)
[   29.418661] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.418739] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.418839] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.418959] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.419017] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.419107] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.419156] page dumped because: kasan: bad access detected
[   29.419187] 
[   29.419204] Memory state around the buggy address:
[   29.419235]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.419278]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.419322] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.419369]                                                  ^
[   29.419404]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.419460]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.419575] ==================================================================
[   29.414042] ==================================================================
[   29.414096] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   29.414161] Write of size 1 at addr fff00000c9a560c9 by task kunit_try_catch/193
[   29.414210] 
[   29.414239] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.414322] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.414348] Hardware name: linux,dummy-virt (DT)
[   29.414398] Call trace:
[   29.414419]  show_stack+0x20/0x38 (C)
[   29.414487]  dump_stack_lvl+0x8c/0xd0
[   29.414531]  print_report+0x118/0x5d0
[   29.414584]  kasan_report+0xdc/0x128
[   29.414625]  __asan_report_store1_noabort+0x20/0x30
[   29.414673]  krealloc_less_oob_helper+0xa48/0xc50
[   29.414722]  krealloc_large_less_oob+0x20/0x38
[   29.414793]  kunit_try_run_case+0x170/0x3f0
[   29.414957]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.415029]  kthread+0x328/0x630
[   29.415071]  ret_from_fork+0x10/0x20
[   29.415145] 
[   29.415165] The buggy address belongs to the physical page:
[   29.415221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.415274] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.415320] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.415370] page_type: f8(unknown)
[   29.415414] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.415465] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.415522] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.415581] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.415641] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.415690] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.415730] page dumped because: kasan: bad access detected
[   29.415760] 
[   29.415779] Memory state around the buggy address:
[   29.415809]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.415909]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.415953] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.415991]                                               ^
[   29.416064]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.416264]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.416302] ==================================================================
[   29.423965] ==================================================================
[   29.424001] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.424042] Write of size 1 at addr fff00000c9a560ea by task kunit_try_catch/193
[   29.424090] 
[   29.424118] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.424234] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.424292] Hardware name: linux,dummy-virt (DT)
[   29.424363] Call trace:
[   29.424389]  show_stack+0x20/0x38 (C)
[   29.424520]  dump_stack_lvl+0x8c/0xd0
[   29.424610]  print_report+0x118/0x5d0
[   29.424652]  kasan_report+0xdc/0x128
[   29.424699]  __asan_report_store1_noabort+0x20/0x30
[   29.424810]  krealloc_less_oob_helper+0xae4/0xc50
[   29.424961]  krealloc_large_less_oob+0x20/0x38
[   29.425087]  kunit_try_run_case+0x170/0x3f0
[   29.425146]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.425200]  kthread+0x328/0x630
[   29.425246]  ret_from_fork+0x10/0x20
[   29.425398] 
[   29.425417] The buggy address belongs to the physical page:
[   29.425519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.425778] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.425824] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.425873] page_type: f8(unknown)
[   29.425909] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.425958] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.426007] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.426062] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.426165] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.426213] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.426253] page dumped because: kasan: bad access detected
[   29.426283] 
[   29.426300] Memory state around the buggy address:
[   29.426329]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.426371]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.426472] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.426522]                                                           ^
[   29.426560]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.426602]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.426640] ==================================================================
[   29.420163] ==================================================================
[   29.420207] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   29.420493] Write of size 1 at addr fff00000c9a560da by task kunit_try_catch/193
[   29.420555] 
[   29.420631] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.420713] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.420773] Hardware name: linux,dummy-virt (DT)
[   29.420803] Call trace:
[   29.420829]  show_stack+0x20/0x38 (C)
[   29.420968]  dump_stack_lvl+0x8c/0xd0
[   29.421011]  print_report+0x118/0x5d0
[   29.421053]  kasan_report+0xdc/0x128
[   29.421095]  __asan_report_store1_noabort+0x20/0x30
[   29.421152]  krealloc_less_oob_helper+0xa80/0xc50
[   29.421201]  krealloc_large_less_oob+0x20/0x38
[   29.421248]  kunit_try_run_case+0x170/0x3f0
[   29.421303]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.421544]  kthread+0x328/0x630
[   29.421591]  ret_from_fork+0x10/0x20
[   29.421763] 
[   29.421781] The buggy address belongs to the physical page:
[   29.421811] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a54
[   29.421863] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.421914] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.422159] page_type: f8(unknown)
[   29.422338] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.422432] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.422608] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   29.422681] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   29.423489] head: 0bfffe0000000002 ffffc1ffc3269501 00000000ffffffff 00000000ffffffff
[   29.423557] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   29.423597] page dumped because: kasan: bad access detected
[   29.423628] 
[   29.423646] Memory state around the buggy address:
[   29.423676]  fff00000c9a55f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.423718]  fff00000c9a56000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.423760] >fff00000c9a56080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   29.423798]                                                     ^
[   29.423834]  fff00000c9a56100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.423876]  fff00000c9a56180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   29.423913] ==================================================================
[   29.388463] ==================================================================
[   29.388516] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   29.388726] Write of size 1 at addr fff00000c83c9aea by task kunit_try_catch/189
[   29.388974] 
[   29.389103] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.389231] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.389257] Hardware name: linux,dummy-virt (DT)
[   29.389286] Call trace:
[   29.389306]  show_stack+0x20/0x38 (C)
[   29.389352]  dump_stack_lvl+0x8c/0xd0
[   29.389395]  print_report+0x118/0x5d0
[   29.389437]  kasan_report+0xdc/0x128
[   29.389479]  __asan_report_store1_noabort+0x20/0x30
[   29.389527]  krealloc_less_oob_helper+0xae4/0xc50
[   29.389583]  krealloc_less_oob+0x20/0x38
[   29.389791]  kunit_try_run_case+0x170/0x3f0
[   29.390010]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.390070]  kthread+0x328/0x630
[   29.390143]  ret_from_fork+0x10/0x20
[   29.390188] 
[   29.390205] Allocated by task 189:
[   29.390232]  kasan_save_stack+0x3c/0x68
[   29.390271]  kasan_save_track+0x20/0x40
[   29.390308]  kasan_save_alloc_info+0x40/0x58
[   29.390344]  __kasan_krealloc+0x118/0x178
[   29.390381]  krealloc_noprof+0x128/0x360
[   29.390418]  krealloc_less_oob_helper+0x168/0xc50
[   29.390457]  krealloc_less_oob+0x20/0x38
[   29.390492]  kunit_try_run_case+0x170/0x3f0
[   29.390529]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.390572]  kthread+0x328/0x630
[   29.390603]  ret_from_fork+0x10/0x20
[   29.390637] 
[   29.390654] The buggy address belongs to the object at fff00000c83c9a00
[   29.390654]  which belongs to the cache kmalloc-256 of size 256
[   29.390710] The buggy address is located 33 bytes to the right of
[   29.390710]  allocated 201-byte region [fff00000c83c9a00, fff00000c83c9ac9)
[   29.390787] 
[   29.390806] The buggy address belongs to the physical page:
[   29.390877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1083c8
[   29.391083] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   29.391138] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   29.391200] page_type: f5(slab)
[   29.391255] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.391308] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.391375] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000
[   29.391423] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.391472] head: 0bfffe0000000001 ffffc1ffc320f201 00000000ffffffff 00000000ffffffff
[   29.391537] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   29.391577] page dumped because: kasan: bad access detected
[   29.391618] 
[   29.391636] Memory state around the buggy address:
[   29.391666]  fff00000c83c9980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.391715]  fff00000c83c9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.391769] >fff00000c83c9a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   29.391885]                                                           ^
[   29.391924]  fff00000c83c9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.391985]  fff00000c83c9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.392024] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2zg2XHDetVY6OrHI08Y5wTDVefc

job_id

TEST:linaro@lkft#2zg2bsAOkg3wb79cd8Vo2Ft0I1T

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zg2bsAOkg3wb79cd8Vo2Ft0I1T

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2YOg93aKHunllRjksuPjKD6j/Image.gz
sha256sum	3f8bc09ed9f9b9b07dd9347c2471900b9e11e4d06f46c1535963c2786d616931

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2YOg93aKHunllRjksuPjKD6j/modules.tar.xz
sha256sum	18d47f695b0cc0ec439f0c595d58fd07556cd744245e3297b23baf9d55fb3bf2

durations

tests

boot	0
kunit	167.18

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   24.938864] ==================================================================
[   24.939187] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.939558] Write of size 1 at addr ffff8881060de0eb by task kunit_try_catch/210
[   24.940049] 
[   24.940167] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.940214] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.940225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.940245] Call Trace:
[   24.940260]  <TASK>
[   24.940275]  dump_stack_lvl+0x73/0xb0
[   24.940302]  print_report+0xd1/0x610
[   24.940324]  ? __virt_addr_valid+0x1db/0x2d0
[   24.940347]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.940370]  ? kasan_addr_to_slab+0x11/0xa0
[   24.940390]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.940414]  kasan_report+0x141/0x180
[   24.940435]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.940463]  __asan_report_store1_noabort+0x1b/0x30
[   24.940487]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.940512]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.940535]  ? finish_task_switch.isra.0+0x153/0x700
[   24.940556]  ? __switch_to+0x47/0xf80
[   24.940581]  ? __schedule+0x10cc/0x2b60
[   24.940625]  ? __pfx_read_tsc+0x10/0x10
[   24.940650]  krealloc_large_less_oob+0x1c/0x30
[   24.940672]  kunit_try_run_case+0x1a5/0x480
[   24.940694]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.940724]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.940746]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.940835]  ? __kthread_parkme+0x82/0x180
[   24.940859]  ? preempt_count_sub+0x50/0x80
[   24.940881]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.940903]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.940928]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.940952]  kthread+0x337/0x6f0
[   24.940972]  ? trace_preempt_on+0x20/0xc0
[   24.940994]  ? __pfx_kthread+0x10/0x10
[   24.941015]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.941036]  ? calculate_sigpending+0x7b/0xa0
[   24.941059]  ? __pfx_kthread+0x10/0x10
[   24.941080]  ret_from_fork+0x116/0x1d0
[   24.941098]  ? __pfx_kthread+0x10/0x10
[   24.941119]  ret_from_fork_asm+0x1a/0x30
[   24.941149]  </TASK>
[   24.941160] 
[   24.948578] The buggy address belongs to the physical page:
[   24.948825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   24.949086] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.949416] flags: 0x200000000000040(head|node=0|zone=2)
[   24.949647] page_type: f8(unknown)
[   24.949916] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.950200] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.950524] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.951036] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.951284] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff
[   24.951542] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.952742] page dumped because: kasan: bad access detected
[   24.953716] 
[   24.953855] Memory state around the buggy address:
[   24.954090]  ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.954416]  ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.954760] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.955074]                                                           ^
[   24.955344]  ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.955638]  ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.956046] ==================================================================
[   24.796572] ==================================================================
[   24.796916] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   24.797224] Write of size 1 at addr ffff8881049906eb by task kunit_try_catch/206
[   24.797569] 
[   24.797651] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.797697] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.797719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.797739] Call Trace:
[   24.797755]  <TASK>
[   24.797836]  dump_stack_lvl+0x73/0xb0
[   24.797867]  print_report+0xd1/0x610
[   24.797889]  ? __virt_addr_valid+0x1db/0x2d0
[   24.797912]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.797935]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.797960]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.797984]  kasan_report+0x141/0x180
[   24.798006]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   24.798033]  __asan_report_store1_noabort+0x1b/0x30
[   24.798057]  krealloc_less_oob_helper+0xd47/0x11d0
[   24.798082]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.798105]  ? finish_task_switch.isra.0+0x153/0x700
[   24.798127]  ? __switch_to+0x47/0xf80
[   24.798152]  ? __schedule+0x10cc/0x2b60
[   24.798174]  ? __pfx_read_tsc+0x10/0x10
[   24.798198]  krealloc_less_oob+0x1c/0x30
[   24.798220]  kunit_try_run_case+0x1a5/0x480
[   24.798242]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.798262]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.798285]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.798307]  ? __kthread_parkme+0x82/0x180
[   24.798327]  ? preempt_count_sub+0x50/0x80
[   24.798350]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.798371]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.798395]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.798419]  kthread+0x337/0x6f0
[   24.798439]  ? trace_preempt_on+0x20/0xc0
[   24.798460]  ? __pfx_kthread+0x10/0x10
[   24.798481]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.798502]  ? calculate_sigpending+0x7b/0xa0
[   24.798543]  ? __pfx_kthread+0x10/0x10
[   24.798564]  ret_from_fork+0x116/0x1d0
[   24.798583]  ? __pfx_kthread+0x10/0x10
[   24.798603]  ret_from_fork_asm+0x1a/0x30
[   24.798633]  </TASK>
[   24.798645] 
[   24.806821] Allocated by task 206:
[   24.807015]  kasan_save_stack+0x45/0x70
[   24.807192]  kasan_save_track+0x18/0x40
[   24.807356]  kasan_save_alloc_info+0x3b/0x50
[   24.807818]  __kasan_krealloc+0x190/0x1f0
[   24.808012]  krealloc_noprof+0xf3/0x340
[   24.808206]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.808434]  krealloc_less_oob+0x1c/0x30
[   24.808649]  kunit_try_run_case+0x1a5/0x480
[   24.808889]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.809152]  kthread+0x337/0x6f0
[   24.809299]  ret_from_fork+0x116/0x1d0
[   24.809466]  ret_from_fork_asm+0x1a/0x30
[   24.809657] 
[   24.809759] The buggy address belongs to the object at ffff888104990600
[   24.809759]  which belongs to the cache kmalloc-256 of size 256
[   24.810289] The buggy address is located 34 bytes to the right of
[   24.810289]  allocated 201-byte region [ffff888104990600, ffff8881049906c9)
[   24.811038] 
[   24.811140] The buggy address belongs to the physical page:
[   24.811362] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990
[   24.811715] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.812026] flags: 0x200000000000040(head|node=0|zone=2)
[   24.812205] page_type: f5(slab)
[   24.812323] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.812652] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.813080] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.813422] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.813678] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff
[   24.813927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.814245] page dumped because: kasan: bad access detected
[   24.814494] 
[   24.814586] Memory state around the buggy address:
[   24.815031]  ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.815364]  ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.815684] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.816391]                                                           ^
[   24.816713]  ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.817099]  ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.817413] ==================================================================
[   24.889644] ==================================================================
[   24.890215] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.890479] Write of size 1 at addr ffff8881060de0d0 by task kunit_try_catch/210
[   24.890938] 
[   24.891046] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.891094] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.891105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.891126] Call Trace:
[   24.891138]  <TASK>
[   24.891154]  dump_stack_lvl+0x73/0xb0
[   24.891182]  print_report+0xd1/0x610
[   24.891205]  ? __virt_addr_valid+0x1db/0x2d0
[   24.891229]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.891253]  ? kasan_addr_to_slab+0x11/0xa0
[   24.891273]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.891296]  kasan_report+0x141/0x180
[   24.891318]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.891346]  __asan_report_store1_noabort+0x1b/0x30
[   24.891369]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.891394]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.891418]  ? finish_task_switch.isra.0+0x153/0x700
[   24.891440]  ? __switch_to+0x47/0xf80
[   24.891465]  ? __schedule+0x10cc/0x2b60
[   24.891488]  ? __pfx_read_tsc+0x10/0x10
[   24.891512]  krealloc_large_less_oob+0x1c/0x30
[   24.891534]  kunit_try_run_case+0x1a5/0x480
[   24.891556]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.891576]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.891598]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.891621]  ? __kthread_parkme+0x82/0x180
[   24.891642]  ? preempt_count_sub+0x50/0x80
[   24.891665]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.891686]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.891724]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.891748]  kthread+0x337/0x6f0
[   24.891768]  ? trace_preempt_on+0x20/0xc0
[   24.891790]  ? __pfx_kthread+0x10/0x10
[   24.891811]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.891832]  ? calculate_sigpending+0x7b/0xa0
[   24.891862]  ? __pfx_kthread+0x10/0x10
[   24.891928]  ret_from_fork+0x116/0x1d0
[   24.891948]  ? __pfx_kthread+0x10/0x10
[   24.891969]  ret_from_fork_asm+0x1a/0x30
[   24.891999]  </TASK>
[   24.892011] 
[   24.899823] The buggy address belongs to the physical page:
[   24.900102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   24.900464] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.901152] flags: 0x200000000000040(head|node=0|zone=2)
[   24.901401] page_type: f8(unknown)
[   24.901586] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.902000] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.902278] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.902515] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.903015] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff
[   24.903352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.903670] page dumped because: kasan: bad access detected
[   24.904003] 
[   24.904098] Memory state around the buggy address:
[   24.904261]  ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.904474]  ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.904832] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.905158]                                                  ^
[   24.905385]  ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.905596]  ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.905845] ==================================================================
[   24.776389] ==================================================================
[   24.776745] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.776993] Write of size 1 at addr ffff8881049906ea by task kunit_try_catch/206
[   24.777314] 
[   24.777421] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.777468] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.777482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.777505] Call Trace:
[   24.777521]  <TASK>
[   24.777536]  dump_stack_lvl+0x73/0xb0
[   24.777562]  print_report+0xd1/0x610
[   24.777585]  ? __virt_addr_valid+0x1db/0x2d0
[   24.777609]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.777632]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.777656]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.777679]  kasan_report+0x141/0x180
[   24.777711]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.777739]  __asan_report_store1_noabort+0x1b/0x30
[   24.777762]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.777787]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.777809]  ? finish_task_switch.isra.0+0x153/0x700
[   24.777830]  ? __switch_to+0x47/0xf80
[   24.777854]  ? __schedule+0x10cc/0x2b60
[   24.777876]  ? __pfx_read_tsc+0x10/0x10
[   24.777899]  krealloc_less_oob+0x1c/0x30
[   24.777919]  kunit_try_run_case+0x1a5/0x480
[   24.777940]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.777960]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.777982]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.778004]  ? __kthread_parkme+0x82/0x180
[   24.778023]  ? preempt_count_sub+0x50/0x80
[   24.778045]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.778066]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.778089]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.778113]  kthread+0x337/0x6f0
[   24.778131]  ? trace_preempt_on+0x20/0xc0
[   24.778154]  ? __pfx_kthread+0x10/0x10
[   24.778173]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.778193]  ? calculate_sigpending+0x7b/0xa0
[   24.778216]  ? __pfx_kthread+0x10/0x10
[   24.778236]  ret_from_fork+0x116/0x1d0
[   24.778254]  ? __pfx_kthread+0x10/0x10
[   24.778274]  ret_from_fork_asm+0x1a/0x30
[   24.778303]  </TASK>
[   24.778314] 
[   24.786118] Allocated by task 206:
[   24.786298]  kasan_save_stack+0x45/0x70
[   24.786494]  kasan_save_track+0x18/0x40
[   24.786682]  kasan_save_alloc_info+0x3b/0x50
[   24.787057]  __kasan_krealloc+0x190/0x1f0
[   24.787267]  krealloc_noprof+0xf3/0x340
[   24.787403]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.787559]  krealloc_less_oob+0x1c/0x30
[   24.787853]  kunit_try_run_case+0x1a5/0x480
[   24.788068]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.788273]  kthread+0x337/0x6f0
[   24.788440]  ret_from_fork+0x116/0x1d0
[   24.788626]  ret_from_fork_asm+0x1a/0x30
[   24.788900] 
[   24.788983] The buggy address belongs to the object at ffff888104990600
[   24.788983]  which belongs to the cache kmalloc-256 of size 256
[   24.789456] The buggy address is located 33 bytes to the right of
[   24.789456]  allocated 201-byte region [ffff888104990600, ffff8881049906c9)
[   24.790057] 
[   24.790147] The buggy address belongs to the physical page:
[   24.790376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990
[   24.790641] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.791137] flags: 0x200000000000040(head|node=0|zone=2)
[   24.791396] page_type: f5(slab)
[   24.791563] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.791960] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.792307] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.792662] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.792950] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff
[   24.793294] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.793587] page dumped because: kasan: bad access detected
[   24.793825] 
[   24.793894] Memory state around the buggy address:
[   24.794088]  ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.794302]  ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.794586] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.795126]                                                           ^
[   24.795346]  ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.795660]  ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.796077] ==================================================================
[   24.735564] ==================================================================
[   24.736098] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   24.736466] Write of size 1 at addr ffff8881049906d0 by task kunit_try_catch/206
[   24.736772] 
[   24.736878] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.736930] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.736943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.736965] Call Trace:
[   24.736979]  <TASK>
[   24.737000]  dump_stack_lvl+0x73/0xb0
[   24.737032]  print_report+0xd1/0x610
[   24.737056]  ? __virt_addr_valid+0x1db/0x2d0
[   24.737081]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.737105]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.737131]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.737155]  kasan_report+0x141/0x180
[   24.737177]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   24.737204]  __asan_report_store1_noabort+0x1b/0x30
[   24.737228]  krealloc_less_oob_helper+0xe23/0x11d0
[   24.737254]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.737277]  ? finish_task_switch.isra.0+0x153/0x700
[   24.737300]  ? __switch_to+0x47/0xf80
[   24.737326]  ? __schedule+0x10cc/0x2b60
[   24.737349]  ? __pfx_read_tsc+0x10/0x10
[   24.737374]  krealloc_less_oob+0x1c/0x30
[   24.737395]  kunit_try_run_case+0x1a5/0x480
[   24.737417]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.737437]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.737460]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.737483]  ? __kthread_parkme+0x82/0x180
[   24.737503]  ? preempt_count_sub+0x50/0x80
[   24.737525]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.737547]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.737571]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.737596]  kthread+0x337/0x6f0
[   24.737615]  ? trace_preempt_on+0x20/0xc0
[   24.737640]  ? __pfx_kthread+0x10/0x10
[   24.737660]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.737681]  ? calculate_sigpending+0x7b/0xa0
[   24.737716]  ? __pfx_kthread+0x10/0x10
[   24.737737]  ret_from_fork+0x116/0x1d0
[   24.737756]  ? __pfx_kthread+0x10/0x10
[   24.737777]  ret_from_fork_asm+0x1a/0x30
[   24.737809]  </TASK>
[   24.737821] 
[   24.745476] Allocated by task 206:
[   24.745678]  kasan_save_stack+0x45/0x70
[   24.745962]  kasan_save_track+0x18/0x40
[   24.746160]  kasan_save_alloc_info+0x3b/0x50
[   24.746370]  __kasan_krealloc+0x190/0x1f0
[   24.746559]  krealloc_noprof+0xf3/0x340
[   24.746825]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.747009]  krealloc_less_oob+0x1c/0x30
[   24.747143]  kunit_try_run_case+0x1a5/0x480
[   24.747282]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.747493]  kthread+0x337/0x6f0
[   24.747675]  ret_from_fork+0x116/0x1d0
[   24.748057]  ret_from_fork_asm+0x1a/0x30
[   24.748264] 
[   24.748357] The buggy address belongs to the object at ffff888104990600
[   24.748357]  which belongs to the cache kmalloc-256 of size 256
[   24.748991] The buggy address is located 7 bytes to the right of
[   24.748991]  allocated 201-byte region [ffff888104990600, ffff8881049906c9)
[   24.749402] 
[   24.749521] The buggy address belongs to the physical page:
[   24.749862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990
[   24.750224] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.750497] flags: 0x200000000000040(head|node=0|zone=2)
[   24.750759] page_type: f5(slab)
[   24.750892] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.751189] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.751499] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.751814] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.752124] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff
[   24.752743] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.753113] page dumped because: kasan: bad access detected
[   24.753318] 
[   24.753385] Memory state around the buggy address:
[   24.753566]  ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.753967]  ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.754290] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.754540]                                                  ^
[   24.754833]  ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.755160]  ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.755472] ==================================================================
[   24.906376] ==================================================================
[   24.906719] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.907086] Write of size 1 at addr ffff8881060de0da by task kunit_try_catch/210
[   24.907311] 
[   24.907391] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.907437] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.907448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.907468] Call Trace:
[   24.907482]  <TASK>
[   24.907505]  dump_stack_lvl+0x73/0xb0
[   24.907532]  print_report+0xd1/0x610
[   24.907555]  ? __virt_addr_valid+0x1db/0x2d0
[   24.907578]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.907601]  ? kasan_addr_to_slab+0x11/0xa0
[   24.907621]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.907645]  kasan_report+0x141/0x180
[   24.907666]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.907694]  __asan_report_store1_noabort+0x1b/0x30
[   24.907731]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.907756]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.907824]  ? finish_task_switch.isra.0+0x153/0x700
[   24.907853]  ? __switch_to+0x47/0xf80
[   24.907880]  ? __schedule+0x10cc/0x2b60
[   24.907903]  ? __pfx_read_tsc+0x10/0x10
[   24.907927]  krealloc_large_less_oob+0x1c/0x30
[   24.907949]  kunit_try_run_case+0x1a5/0x480
[   24.907972]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.907992]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.908015]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.908037]  ? __kthread_parkme+0x82/0x180
[   24.908058]  ? preempt_count_sub+0x50/0x80
[   24.908080]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.908102]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.908126]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.908151]  kthread+0x337/0x6f0
[   24.908170]  ? trace_preempt_on+0x20/0xc0
[   24.908193]  ? __pfx_kthread+0x10/0x10
[   24.908214]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.908235]  ? calculate_sigpending+0x7b/0xa0
[   24.908259]  ? __pfx_kthread+0x10/0x10
[   24.908280]  ret_from_fork+0x116/0x1d0
[   24.908299]  ? __pfx_kthread+0x10/0x10
[   24.908319]  ret_from_fork_asm+0x1a/0x30
[   24.908350]  </TASK>
[   24.908362] 
[   24.916659] The buggy address belongs to the physical page:
[   24.916869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   24.917185] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.917705] flags: 0x200000000000040(head|node=0|zone=2)
[   24.917913] page_type: f8(unknown)
[   24.918127] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.918355] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.918751] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.919172] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.919813] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff
[   24.920175] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.920423] page dumped because: kasan: bad access detected
[   24.920587] 
[   24.920676] Memory state around the buggy address:
[   24.920924]  ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.921247]  ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.921549] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.921969]                                                     ^
[   24.922168]  ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.922450]  ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.922842] ==================================================================
[   24.923196] ==================================================================
[   24.923434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   24.924002] Write of size 1 at addr ffff8881060de0ea by task kunit_try_catch/210
[   24.924253] 
[   24.924334] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.924378] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.924389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.924409] Call Trace:
[   24.924424]  <TASK>
[   24.924440]  dump_stack_lvl+0x73/0xb0
[   24.924467]  print_report+0xd1/0x610
[   24.924513]  ? __virt_addr_valid+0x1db/0x2d0
[   24.924536]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.924559]  ? kasan_addr_to_slab+0x11/0xa0
[   24.924579]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.924602]  kasan_report+0x141/0x180
[   24.924624]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   24.924651]  __asan_report_store1_noabort+0x1b/0x30
[   24.924675]  krealloc_less_oob_helper+0xe90/0x11d0
[   24.924710]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.924733]  ? finish_task_switch.isra.0+0x153/0x700
[   24.924755]  ? __switch_to+0x47/0xf80
[   24.924851]  ? __schedule+0x10cc/0x2b60
[   24.924874]  ? __pfx_read_tsc+0x10/0x10
[   24.924899]  krealloc_large_less_oob+0x1c/0x30
[   24.924923]  kunit_try_run_case+0x1a5/0x480
[   24.924944]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.924965]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.924987]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.925010]  ? __kthread_parkme+0x82/0x180
[   24.925030]  ? preempt_count_sub+0x50/0x80
[   24.925053]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.925074]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.925098]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.925123]  kthread+0x337/0x6f0
[   24.925142]  ? trace_preempt_on+0x20/0xc0
[   24.925165]  ? __pfx_kthread+0x10/0x10
[   24.925185]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.925206]  ? calculate_sigpending+0x7b/0xa0
[   24.925229]  ? __pfx_kthread+0x10/0x10
[   24.925252]  ret_from_fork+0x116/0x1d0
[   24.925271]  ? __pfx_kthread+0x10/0x10
[   24.925291]  ret_from_fork_asm+0x1a/0x30
[   24.925321]  </TASK>
[   24.925333] 
[   24.932929] The buggy address belongs to the physical page:
[   24.933174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   24.933500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.933859] flags: 0x200000000000040(head|node=0|zone=2)
[   24.934087] page_type: f8(unknown)
[   24.934250] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.934550] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.934858] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.935138] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.935434] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff
[   24.935945] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.936246] page dumped because: kasan: bad access detected
[   24.936468] 
[   24.936579] Memory state around the buggy address:
[   24.936848]  ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.937141]  ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.937437] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.937737]                                                           ^
[   24.938043]  ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.938296]  ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.938523] ==================================================================
[   24.708392] ==================================================================
[   24.709232] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.709627] Write of size 1 at addr ffff8881049906c9 by task kunit_try_catch/206
[   24.709994] 
[   24.710110] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.710208] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.710234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.710257] Call Trace:
[   24.710271]  <TASK>
[   24.710289]  dump_stack_lvl+0x73/0xb0
[   24.710320]  print_report+0xd1/0x610
[   24.710353]  ? __virt_addr_valid+0x1db/0x2d0
[   24.710378]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.710413]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.710438]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.710461]  kasan_report+0x141/0x180
[   24.710483]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.710522]  __asan_report_store1_noabort+0x1b/0x30
[   24.710546]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.710572]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.710595]  ? finish_task_switch.isra.0+0x153/0x700
[   24.710627]  ? __switch_to+0x47/0xf80
[   24.710653]  ? __schedule+0x10cc/0x2b60
[   24.710676]  ? __pfx_read_tsc+0x10/0x10
[   24.710721]  krealloc_less_oob+0x1c/0x30
[   24.710742]  kunit_try_run_case+0x1a5/0x480
[   24.710765]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.710785]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.710808]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.710839]  ? __kthread_parkme+0x82/0x180
[   24.710859]  ? preempt_count_sub+0x50/0x80
[   24.710882]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.710953]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.710983]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.711008]  kthread+0x337/0x6f0
[   24.711028]  ? trace_preempt_on+0x20/0xc0
[   24.711052]  ? __pfx_kthread+0x10/0x10
[   24.711073]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.711094]  ? calculate_sigpending+0x7b/0xa0
[   24.711117]  ? __pfx_kthread+0x10/0x10
[   24.711138]  ret_from_fork+0x116/0x1d0
[   24.711157]  ? __pfx_kthread+0x10/0x10
[   24.711178]  ret_from_fork_asm+0x1a/0x30
[   24.711208]  </TASK>
[   24.711221] 
[   24.720940] Allocated by task 206:
[   24.721377]  kasan_save_stack+0x45/0x70
[   24.721550]  kasan_save_track+0x18/0x40
[   24.721684]  kasan_save_alloc_info+0x3b/0x50
[   24.721844]  __kasan_krealloc+0x190/0x1f0
[   24.721980]  krealloc_noprof+0xf3/0x340
[   24.722117]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.722281]  krealloc_less_oob+0x1c/0x30
[   24.722418]  kunit_try_run_case+0x1a5/0x480
[   24.722557]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.723213]  kthread+0x337/0x6f0
[   24.724607]  ret_from_fork+0x116/0x1d0
[   24.725272]  ret_from_fork_asm+0x1a/0x30
[   24.726191] 
[   24.726314] The buggy address belongs to the object at ffff888104990600
[   24.726314]  which belongs to the cache kmalloc-256 of size 256
[   24.727448] The buggy address is located 0 bytes to the right of
[   24.727448]  allocated 201-byte region [ffff888104990600, ffff8881049906c9)
[   24.728397] 
[   24.728495] The buggy address belongs to the physical page:
[   24.729057] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990
[   24.729397] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.729838] flags: 0x200000000000040(head|node=0|zone=2)
[   24.730050] page_type: f5(slab)
[   24.730202] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.730502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.730816] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.731073] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.731414] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff
[   24.731691] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.732234] page dumped because: kasan: bad access detected
[   24.732469] 
[   24.732582] Memory state around the buggy address:
[   24.732853]  ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.733137]  ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.733426] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.733754]                                               ^
[   24.734069]  ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.734380]  ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.734674] ==================================================================
[   24.756185] ==================================================================
[   24.756498] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   24.756893] Write of size 1 at addr ffff8881049906da by task kunit_try_catch/206
[   24.757220] 
[   24.757326] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.757372] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.757384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.757405] Call Trace:
[   24.757422]  <TASK>
[   24.757438]  dump_stack_lvl+0x73/0xb0
[   24.757467]  print_report+0xd1/0x610
[   24.757490]  ? __virt_addr_valid+0x1db/0x2d0
[   24.757513]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.757556]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.757582]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.757605]  kasan_report+0x141/0x180
[   24.757627]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   24.757654]  __asan_report_store1_noabort+0x1b/0x30
[   24.757678]  krealloc_less_oob_helper+0xec6/0x11d0
[   24.757712]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.757735]  ? finish_task_switch.isra.0+0x153/0x700
[   24.757756]  ? __switch_to+0x47/0xf80
[   24.757853]  ? __schedule+0x10cc/0x2b60
[   24.757877]  ? __pfx_read_tsc+0x10/0x10
[   24.757901]  krealloc_less_oob+0x1c/0x30
[   24.757922]  kunit_try_run_case+0x1a5/0x480
[   24.757944]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.757964]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.757986]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.758009]  ? __kthread_parkme+0x82/0x180
[   24.758029]  ? preempt_count_sub+0x50/0x80
[   24.758052]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.758073]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.758097]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.758121]  kthread+0x337/0x6f0
[   24.758141]  ? trace_preempt_on+0x20/0xc0
[   24.758163]  ? __pfx_kthread+0x10/0x10
[   24.758183]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.758204]  ? calculate_sigpending+0x7b/0xa0
[   24.758227]  ? __pfx_kthread+0x10/0x10
[   24.758248]  ret_from_fork+0x116/0x1d0
[   24.758267]  ? __pfx_kthread+0x10/0x10
[   24.758287]  ret_from_fork_asm+0x1a/0x30
[   24.758317]  </TASK>
[   24.758328] 
[   24.766001] Allocated by task 206:
[   24.766185]  kasan_save_stack+0x45/0x70
[   24.766333]  kasan_save_track+0x18/0x40
[   24.766463]  kasan_save_alloc_info+0x3b/0x50
[   24.766669]  __kasan_krealloc+0x190/0x1f0
[   24.766942]  krealloc_noprof+0xf3/0x340
[   24.767143]  krealloc_less_oob_helper+0x1aa/0x11d0
[   24.767374]  krealloc_less_oob+0x1c/0x30
[   24.767590]  kunit_try_run_case+0x1a5/0x480
[   24.767842]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.768099]  kthread+0x337/0x6f0
[   24.768247]  ret_from_fork+0x116/0x1d0
[   24.768404]  ret_from_fork_asm+0x1a/0x30
[   24.768600] 
[   24.768690] The buggy address belongs to the object at ffff888104990600
[   24.768690]  which belongs to the cache kmalloc-256 of size 256
[   24.769346] The buggy address is located 17 bytes to the right of
[   24.769346]  allocated 201-byte region [ffff888104990600, ffff8881049906c9)
[   24.769944] 
[   24.770043] The buggy address belongs to the physical page:
[   24.770271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104990
[   24.770510] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.770859] flags: 0x200000000000040(head|node=0|zone=2)
[   24.771112] page_type: f5(slab)
[   24.771277] raw: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.771642] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.772063] head: 0200000000000040 ffff888100041b40 dead000000000100 dead000000000122
[   24.772311] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.772679] head: 0200000000000001 ffffea0004126401 00000000ffffffff 00000000ffffffff
[   24.773177] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   24.773494] page dumped because: kasan: bad access detected
[   24.773756] 
[   24.773912] Memory state around the buggy address:
[   24.774104]  ffff888104990580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.774386]  ffff888104990600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.774676] >ffff888104990680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   24.774986]                                                     ^
[   24.775216]  ffff888104990700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.775548]  ffff888104990780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.775949] ==================================================================
[   24.872484] ==================================================================
[   24.872958] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   24.873479] Write of size 1 at addr ffff8881060de0c9 by task kunit_try_catch/210
[   24.873826] 
[   24.874004] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.874051] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.874063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.874084] Call Trace:
[   24.874097]  <TASK>
[   24.874113]  dump_stack_lvl+0x73/0xb0
[   24.874143]  print_report+0xd1/0x610
[   24.874166]  ? __virt_addr_valid+0x1db/0x2d0
[   24.874191]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.874215]  ? kasan_addr_to_slab+0x11/0xa0
[   24.874243]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.874267]  kasan_report+0x141/0x180
[   24.874289]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   24.874316]  __asan_report_store1_noabort+0x1b/0x30
[   24.874340]  krealloc_less_oob_helper+0xd70/0x11d0
[   24.874365]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   24.874388]  ? finish_task_switch.isra.0+0x153/0x700
[   24.874411]  ? __switch_to+0x47/0xf80
[   24.874436]  ? __schedule+0x10cc/0x2b60
[   24.874458]  ? __pfx_read_tsc+0x10/0x10
[   24.874483]  krealloc_large_less_oob+0x1c/0x30
[   24.874505]  kunit_try_run_case+0x1a5/0x480
[   24.874528]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.874547]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.874570]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.874592]  ? __kthread_parkme+0x82/0x180
[   24.874620]  ? preempt_count_sub+0x50/0x80
[   24.874643]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.874664]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.874688]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.874725]  kthread+0x337/0x6f0
[   24.874745]  ? trace_preempt_on+0x20/0xc0
[   24.874768]  ? __pfx_kthread+0x10/0x10
[   24.874808]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.874829]  ? calculate_sigpending+0x7b/0xa0
[   24.874852]  ? __pfx_kthread+0x10/0x10
[   24.874874]  ret_from_fork+0x116/0x1d0
[   24.874893]  ? __pfx_kthread+0x10/0x10
[   24.874913]  ret_from_fork_asm+0x1a/0x30
[   24.874944]  </TASK>
[   24.874956] 
[   24.882735] The buggy address belongs to the physical page:
[   24.883173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   24.883478] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.883926] flags: 0x200000000000040(head|node=0|zone=2)
[   24.884103] page_type: f8(unknown)
[   24.884231] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.884691] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.885310] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   24.885545] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   24.885947] head: 0200000000000002 ffffea0004183701 00000000ffffffff 00000000ffffffff
[   24.886299] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   24.886770] page dumped because: kasan: bad access detected
[   24.887077] 
[   24.887173] Memory state around the buggy address:
[   24.887332]  ffff8881060ddf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.887547]  ffff8881060de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.887806] >ffff8881060de080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   24.888132]                                               ^
[   24.888398]  ffff8881060de100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.888671]  ffff8881060de180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   24.888944] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2zg2XHDetVY6OrHI08Y5wTDVefc

job_id

TEST:linaro@lkft#2zg2chsWj6P6g4Yh42ScAolxoFf

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2zg2chsWj6P6g4Yh42ScAolxoFf

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2ZQCXMKejwdMDyYW6pznxaZM/bzImage
sha256sum	eb7410b0b69b19788d5882352e576aee30487b33703b12e52517fe201bd88014

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2zg2ZQCXMKejwdMDyYW6pznxaZM/modules.tar.xz
sha256sum	c3a441bb14076463ddc241205f7bbeb2eae739a3ece169faa37e10094e3dfd2b

durations

tests

boot	0
kunit	225.15

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit